OPNsense Forum
Archive => 22.1 Legacy Series => Topic started by: spetrillo on May 24, 2022, 09:47:30 pm
-
Hello all,
I am trying to setup DDNS using Cloudflare. I have setup my A record in Cloudflare for the name I want to associate with my home public IP. I have installed the os-ddclient plugin and started to configure. What I am finding is if I check the Force SSL option the ddclient plugin will not run. If I uncheck it then the plugin goes green.
My problem is that I am trying to implement Synology Photos, and it needs to use HTTPS. I cannot seem to figure out how to get these to work together. I had Synology Photos working with NO IP but wanted to consolidate under Cloudflare, since my domain is registered with Cloudflare and I am using their proxy services.
Any thoughts on this?
Thanks,
Steve
-
Just confirming what you are trying to achieve here.
You want to have Synology photos be available remotely and at a URL that dynamically updates using dynamic DNS?
I'm assuming you have a registered domain name that is setup to work at Cloudflare.
I'm also assuming that os-ddclient is working for you and updating your IP at Cloudflare?
I also use Cloudflare for DDNS but am waiting for os-ddclient to work with an API key, so I'm using the old Dynamic DNS till then. https://forum.opnsense.org/index.php?topic=26446.0
I think you will either need to research using a reverse proxy like HAproxy
or you port forward 443 to your synology which will then be directly accessible on the internet (not sure this is safe?)
-
I originally had this setup via NO IP, and it was working well with the port forward. I wanted to move it from NO IP to Cloudflare, so I consolidate services under one provider. I think the os-ddclient is still a work in progress. Its a very finicky plugin and I am going to try the legacy plugin this morning.
Stay tuned...
PS - I will be looking into the reverse proxy, as a replacement for the port forward.
-
@bunchofreeds...since you are using the legacy plugin which Cloudflare option did you pick. Does picking the Cloudflare API token mean using the global token?
-
A temporary fix has been posted on GitHub: https://github.com/opnsense/plugins/issues/2842#issuecomment-1134831981
-
I'm using the 'legacy' DDNS plugin until the os-ddclient supports cloudflare with the API token. It's progressing really well it seems so should be capable enough soon.
To setup the legacy plugin you need to obtain an API token from Cloudflare. NOT the Global Key which effectively gives permission to do everything!
Create a new one and use the 'Edit Zone DNS' template
Permissions
Keep 'Zone - DNS - Edit'
Add 'Zone - Zone - Read'
Zone Resources
Specify your zone
The 'legacy' DDNS plugin has plenty of help about where to add your key - hopefully this moves to the os-ddclient in time...
Select 'Cloudflare API token'
Interface 'WAN' (probably)
Hostname 'Fully qualified domain name' the record you are updating at Cloudflare
Password 'API token'
-
To the OPNsense admins...I noticed that there is a ddclient-devel in the plugins, now that I am running the 23.1 development release(by the way really stable here). Does this plugin contain the Cloudflare update for using an API token or should I continue using the legacy plugin?
-
How to enable ddclient cloudflare API token use:
username: token
password: API Token
(taken from Github - just tried it on 23.1 and it works. Goodbye Global API Key!)